The Risk Of Trusting In A Trustless System

Discussing the risks and challenges of trust in the Bitcoin ecosystem.

Note: In light of the security breach at Hong Kong-based Bitcoin exchange Bitfinex, in which 119,756 BTC valued at approximately $70 million USD were stolen, I decided to share an excerpt from my undergraduate thesis. My thesis was about economic, social and computational centralization that was catalyzed by the Chinese Bitcoin community, and I may share other parts of it here at some point. It is copied verbatim from what I submitted to my supervising professor, so there may be allusions to prior sections of the paper that aren’t present in this post. I did my best to avoid the dry language of academic writing.

Trust, Centralization And Other Risks With Bitcoin

As I alluded to in the section about embeddedness, Granovetter helped to cement in the social science literature the role trust and social connections play in the formation of economic relationships. In somewhat simplified terms, the theory suggests that actors in an economic system will preferentially create economic relationships with actors they trust.

This creates an interesting theoretical and rhetorical tension with the fundamental concepts of Bitcoin. It is easy to think of trust as a prerequisite for “safe” economic interaction, but trust also carries its own set of risks. Trust is also a prerequisite for trickery and subterfuge. It’s out of this atmosphere of mistrust that central elements of Bitcoin’s technical architecture emerged. The programmatic way in which new currency enters the Bitcoin system reflects Satoshi Nakamoto’s mistrust of central banks and their ability to will economic value into and out of existence. The decentralized nature of transaction verification eliminates the need for a centralized, trusted third party to act as a clearinghouse for transactions. The fact that transactions are pseudonymous means that bitcoins can be treated as an electronic version of cash, which in conventional currency systems is used to facilitate fast, anonymous transactions. Nakamoto states in the opening paragraphs of the original Bitcoin paper that the irreversible nature of a Bitcoin transaction means that merchants don’t have to trust that customers will not maliciously dispute or “charge back” transactions, like they can do with credit cards.

The information security community has this saying, “Trust, but verify”. Well, why risk trusting when verification becomes trivially easy? The highly transparent nature of the central blockchain ledger removes the necessity to trust that a transaction occurred; verifying is as simple as using a blockchain explorer to look up the transaction-id or either Bitcoin address involved in the transaction. The fact that Bitcoin’s codebase has been open source effectively since day one of its existence means that any sufficiently knowledgeable person can audit the code to verify that there are no hidden back doors or other features that could facilitate malfeasance.

In these ways, Bitcoin’s architecture is anti-trust or “trustless”. In a very direct way, the very reasons that users cite for “trusting” Bitcoin stem from the trustless design of the protocol. If the trustless nature of Bitcoin is maintained by a decentralized network of miners and service providers, then it holds that that trustless-ness is corroded when the system becomes more centralized. So, the common narrative that Bitcoin is some pure, apolitical, trustless medium of exchange is at least severely flawed if not outright false. The economic and social centralization of Bitcoin has created a system that is rife with trust issues.

In this section, I’ll present some historical background on the causes of centralization in Bitcoin, and a brief (and incomplete) accounting of the issues presented by trusting third parties in Bitcoin.

The Roots of Centralization in Bitcoin

Before any discussion of the current state of centralization in the Bitcoin space, and the numerous trust issues it engenders, it’s important to understand how, exactly, an economic system designed on the principles of trustless-ness and decentralization evolved to its current state.

One of the central tenets of Bitcoin is the idea of “being one’s own bank”. Much like one can store cash or precious metals under the proverbial mattress, and thus take responsibility for its security, one can do the same with bitcoins. As was alluded to in the “What is Bitcoin” section, Bitcoin’s value is stored in addresses. These addresses take the form of public-private key pairs generated by an algorithm.1 For those unfamiliar with public-key cryptography, it might be useful to think of Bitcoin addresses like email addresses. There is a public address (e.g. someUser@domain.tld) that one is free to share, and to which others can send email, but there is also a password that must be kept private. The same is true with Bitcoin addresses, in that public keys are shared openly, whereas private keys are guarded. When someone loses control of their email password (by dint of forgetfulness, technical error or by being the victim of a malicious attack) they effectively lose ownership of the account. This is also true with Bitcoin addresses, but whereas most email providers have multiple layers of authentication, the ability to reset passwords based on security questions, etc., to protect users, no such recovery system exists for Bitcoin private keys. (Having such a service would require a trusted third party, which is ipso facto antithetical to Bitcoin.) If a Bitcoin private key is lost, any economic value tied to that address is effectively lost as well. The bitcoins don’t go away or disappear in the same way that lighting a dollar bill on fire makes its stored economic value disappear; it’s just that the key that “unlocks” the bitcoins from their metaphorical cryptographic vault is gone.

Maintaining control of private keys is the only way for a Bitcoin user to say that they, and only they, own their bitcoins. But securely maintaining a collection of private keys is not user-friendly in most Bitcoin clients. One has to make backups, and backups of backups, and worry about securely storing those backups to ensure that the private keys are maintained with sufficient security. Some users go to fairly elaborate lengths to maintain the security of their own Bitcoin wallets, from generating new key pairs on machines that haven’t touched the Internet, to storing paper printouts of public and private key pairs in safety deposit boxes, to ascribing a sufficiently random chain of words to their private keys to generate what’s known as a “brain wallet”2 (so-called because this string of words can be memorized, thus allowing the user to store bitcoins in neuronal memory), and even etching their key pairs in metal and burying said metal plate in their back yard.

Failure to maintain control over private keys is now quite costly due to the appreciation in Bitcoin’s price. Back when a Bitcoin was worth a fraction of a penny, not much effort went into storing them securely. An immeasurable amount of economic value has been rendered inaccessible due to individuals losing control over their private keys. Famously, British security researcher James Howells threw out a hard drive containing a Bitcoin wallet with 7,500 BTC on it. Although he mined those bitcoins using his laptop’s CPU back in 2009 for almost nothing, by the time he threw it out, those Bitcoins were worth 500,000 GBP.3 At Bitcoin’s peak price, that hard drive contained $9,000,000 USD worth of BTC. There are hundreds of incidents of smaller magnitude on record.

If a Bitcoin user can’t trust themselves to maintain the privacy and security of private keys, who do they trust? Just like most users of email don’t run their own email server, opting instead to use a service like Gmail or Yahoo Mail, most Bitcoin users rely on third party service providers to buy, sell and transact in bitcoins.

Some of the earliest Bitcoin services to emerge were web-based wallet applications. True to their name, web wallets allow Bitcoin users to store bitcoins in addresses managed by the service provider. This can offer a number of significant benefits to the Bitcoin user, including: the possibility of increased anonymity for those using monitored IP addresses, relative ease with which these wallets can be generated, freedom from running a full node and thus managing a multi-gigabyte blockchain database and maintaining a stable network connection, and, finally, the belief in the security and trustworthiness of their wallet service provider. Depending on the service architecture of the web wallet, there can be any number of security and privacy vulnerabilities. As Gervais et al. note, “Different types of web wallets have emerged. Some store the private keys on the server side while others store them locally in the browser of the user. Depending on where the private key is stored, web wallet operators can gain unilateral powers over the BTCs of their users.”4 (For further reading, the “Browser-Based Wallet” page5 on The Bitcoin Wiki is helpful.)

Another Bitcoin service that goes hand-in-hand with web wallets is the exchange service. These exchanges allow users to buy bitcoins (and other cryptocurrencies) with the traditional currency of their choice. Unlike with web wallets, exchanges do not let users store their private keys locally, and it is usually the case that exchanges store bitcoins on shared addresses. (This is to say, the economic value attributed to a user’s account is just that, attributed, rather than owned.) Like most electronic wallet services, exchanges usually implement a combination of online and offline storage and multi-signature transactions for large withdrawals. Many active traders store large amounts of bitcoins in their exchange accounts, which is widely regarded as unwise by security-conscious members of the Bitcoin community.

Although there are ways to cryptographically audit the balances of both web wallet and exchange services,6 which can alleviate concerns over solvency, these proof-of-reserves mechanisms do not mitigate the risks imposed by technical oversight, accident or malfeasance. For as many stories as there are about people finding their old Bitcoin wallets and discovering they were suddenly rich, there are just as many, if not more, lurid stories of loss. There was of course the FBI’s operation to seize and shut down the dark net marketplace The Silk Road and arrest its operator, who went by the name Dread Pirate Roberts, or DPR. DPR served as the capital-L Libertarian voice of The Silk Road, as well as its escrow agent. Although he was trusted in the community, all of the bitcoins in his escrow wallet (as well as personal reserves) were seized by the FBI when Ross Ulbricht was arrested.7 The FBI seized 171,955 BTC, 30,000 of which were sold to venture capitalist Tim Draper in a $17 million auction.8

Fraud and theft are also factors to contend with. The largest theft of bitcoins to date occurred with the collapse of the Bitcoin Savings & Trust,9 which turned out to be a Ponzi scheme. Its operator, Trendon Shavers, pled guilty on charges of fraud and securities violations and faces a 40-year sentence and over $40 million in fines for the theft of 764,000 BTC in 2012, then worth approximately $188 million.10 Another major incident occurred in September of 2012. In a post on BitcoinTalk, the operator of the exchange Bitfloor announced that there had been a theft on the exchange.11 Their servers had been compromised and an attacker gained access to the unencrypted private keys of the exchange’s “hot wallet,” a term used in the industry to describe the set of Bitcoin addresses an exchange or service uses to facilitate day-to-day operations. Attackers exfiltrated 24,000 BTC – then worth approximately $250,000 – in five transactions. Although those transactions can be traced on the blockchain, it is often not possible to trace transactions back to individuals.

Users of third party Bitcoin services not only have to trust the security practices of the services, they have to assume technical competence as well. In July 2011, Bitomat.pl, then the third largest Bitcoin exchange, accidentally destroyed their hot wallet during a server reboot. No backups were kept of the wallet, and the 17,000 BTC kept in that wallet were rendered forever inaccessible.

In many cases, the trust placed in “trusted third parties” is unwarranted. While the blockchain removes the need for trusted third parties to ensure privacy, because all transactions are public, the somewhat unforgiving design of the protocol has led most users of Bitcoin to rely on third parties to manage their digital tokens. Due to this trust mechanism, Bitcoin users put their economic value in the hands of others. This creates a liability for the user, and a vulnerability to Bitcoin itself, the integrity of which is ostensibly reliant on decentralization.